Apple Patches Mac OS Security Bug

Apple has patched a macOS High Sierra flaw that would allow intruders to gain full administrator access on your system.

By Jessica Davis

Nov 30, 2017

Apple has patched a macOS High Sierra flaw that would allow intruders to gain full administrator access on your system. Security Update 2017-001 should be installed by Mac users running High Sierra as soon as possible.

The company released Security Update 2017-001 Wednesday to fix a bug that would allow people to gain control over a Mac simply by putting “root” as the username and hitting the Return key a few times.

The bug was made public Tuesday on Twitter by Turkish software designer Lemi Orhan Ergin. Ergin has been criticized for not following responsible guidelines by notifying Apple of the security flaw with reasonable time to fix it before going public.

Luckily, the threat of an attack to your system’s security using this flaw is fairly low in practice. Anyone wanting to exploit the bug would have to have physical access to your Mac, and you could also avoid it by following instructions issued by Apple to set up a root password.

In a statement issued by Apple, the company apologized for the error and said that starting late Wednesday the patch would be “automatically installed on all systems running the latest version (10.13.1) of macOS High Sierra.”

Some security experts remain critical of Apple’s security.

“Recent years have not been good for anyone relying on OS X for security,” Tripwire computer security researcher Craig Young said. “Apple needs to seriously re-evaluate how they perform quality assurance testing, as there is really no excuse for releasing macOS with some of these blatant security failings.”